Traffic Control with Envoy Proxy

Helm is a package manager for Kubernetes. It helps streamline installing and managing applications. This session covers prerequisites for Helm, which include a basic understanding of containers and Kubernetes along with its architecture. It also covers the limitations that come with running deployments using the kubectl binary, Helm's architecture, templating with it and finally ends on a note highlighting the difference between versions 2 and 3.

Kubernetes is an open-source tool for managing containerized workloads and services. It allows for deploying, maintaining, and scaling applications across clusters of servers. Kubernetes operates at the container level to automate tasks like deployment, availability, and load balancing. It uses a master-slave architecture with a master node controlling multiple worker nodes that host application pods, which are groups of containers that share resources. Kubernetes provides benefits like self-healing, high availability, simplified maintenance, and automatic scaling of containerized applications.

If you have an existing Java monolith, you know you must take care making changes to it or altering it in any negative way. Often times these monoliths are very valuable to the business and generate a lot of revenue. At the same time, since it’s difficult to make changes to the monolith it’s desirable to move to a microservices architecture. Unfortunately you cannot just do a big-bang migration to a greenfield architecture and will have to incrementally adopt microservices. In this talk, we’ll look at using Gloo proxy which is based on Envoy Proxy and GraphQL to do surgical, function-level traffic control and API aggregation to safely migrate your monolith to microservices and serverless functions.

AWSKRUG 판교 2019.06.05 Kubernetes Internals (Kubernetes 해부하기) - Understanding Kubernetes Components -- Understanding Kube-APIServer -- Understanding Kube-Scheduler -- Understanding Kube-Controller-Manager -- Understanding Kube-Proxy -- Understanding DNS - Understanding Kubernetes Networking -- Understanding Pod Networking -- Understanding Service Networking

EWERK and ENA contributed developers to the Tungsten Fabric SDN Special Interest Group. The goals were to integrate the widely adopted Tungsten Fabric into Apache CloudStack to provide advanced routing, security, and high performance networking features. This would allow features like static NAT, load balancing, firewalling, and encapsulated VM traffic between hosts using MPLS or VXLAN. The integration work added a Tungsten Fabric provider to CloudStack, allowed creating VMs with Tungsten networks, and added network policy and source NAT/port forwarding features. More testing is needed with the community.

The document provides an overview of Kubernetes networking concepts including single pod networking, pod to pod communication, service discovery and load balancing, external access patterns, network policies, Istio service mesh, multi-cluster networking, and best practices. It covers topics such as pod IP addressing, communication approaches like L2, L3, overlays, services, ingress controllers, network policies, multi-cluster use cases and deployment options.

Manually configuring mounts for containers to various network storage platforms and services is tedious and time consuming. OpenShift and Kubernetes provides a rich library of volume plugins that allow authors of containerized applications (Pods) to declaratively specify what the storage requirements for the containers are so that OpenShift can dynamically provision and allocate the storage assets for the specified containers. As the author of the Kubernetes Persistent Volume specification, I will provide an overview of how Persistent Volume plugins work in OpenShift, demo block storage and file storage volume plugins and close with the Red Hat storage roadmap. Presented at LinuxCon/ContainerCon by Mark Turansky, Principal Software Engineer, Red Hat Mark Turansky is a Principal Software Engineer at Red Hat and a full-time contributor to the Kubernetes Project. Mark is the author of the Kubernetes Persistent Volume specification and a member of the Red Hat OpenShift Engineering team.

Google DevFest2019 Presentation at Infosys Campus Bangalore. Application deployment in Kubernetes with Helm is demo'ed in Google Kubernetes Engine (GKE). This is an introductory session on Helm. Several references are given in it to further explore helm3 as it is in Beta state now.

OVN provides virtual networking capabilities for Open vSwitch including logical switches, routers, security groups, and ACLs. It uses OVSDB to configure OVN components and provides native integration with OpenStack Neutron. OVN's architecture includes a northbound database for logical network definitions, a southbound database for physical mappings, and daemons like ovn-northd and ovn-controller that translate between the databases.

Kafka Streams is a new stream processing library natively integrated with Kafka. It has a very low barrier to entry, easy operationalization, and a natural DSL for writing stream processing applications. As such it is the most convenient yet scalable option to analyze, transform, or otherwise process data that is backed by Kafka. We will provide the audience with an overview of Kafka Streams including its design and API, typical use cases, code examples, and an outlook of its upcoming roadmap. We will also compare Kafka Streams' light-weight library approach with heavier, framework-based tools such as Spark Streaming or Storm, which require you to understand and operate a whole different infrastructure for processing real-time data in Kafka.

Those are the slides that were used to give an introduction to Kubernetes at the Nardoz Berlin Meetup on the 2018-06-28.

Presentation given at Cloud Native Copenhagen, Cloud Native Aalborg, and Cloud Native Aarhus in December 2020

Linux offers an extensive selection of programmable and configurable networking components from traditional bridges, encryption, to container optimized layer 2/3 devices, link aggregation, tunneling, several classification and filtering languages all the way up to full SDN components. This talk will provide an overview of many Linux networking components covering the Linux bridge, IPVLAN, MACVLAN, MACVTAP, Bonding/Team, OVS, classification & queueing, tunnel types, hidden routing tricks, IPSec, VTI, VRF and many others.

- 발표자: 고려대학교 임재민 - 자료: https://www.slideshare.net/openstack_kr/openinfra-days-korea-2018-track-4-grafana-openstack

ksqlDB로 실시간 데이터 변환 및 스트림 처리

Ray Kao and Kevin Harris from Microsoft presenting ‘Kubernetes Security with Calico and Open Policy Agent’ at the spring 2019 Kubernetes and Cloud Native meetup in Toronto.

We’ll present details about Argus, a time-series monitoring and alerting platform developed at Salesforce to provide insight into the health of infrastructure as an alternative to systems such as Graphite and Seyren.

A presentation given at AWS re:Invent on how Netflix induces failure to validate and harden production systems. Technologies discussed include the Simian Army (Chaos Monkey, Gorilla, Kong) and our next gen Failure Injection Test framework (FIT).

Complex distributed systems fail. They fail more frequently, and in different ways, as they scale and evolve over time. In this session, you learn how Netflix embraces failure to provide high service availability. Netflix discusses their motivations for inducing failure in production, the mechanics of how Netflix does this, and the lessons they learned along the way. Come hear about the Failure Injection Testing (FIT) framework and suite of tools that Netflix created and currently uses to induce controlled system failures in an effort to help discover vulnerabilities, resolve them, and improve the resiliency of their cloud environment.

How many services do you have? 5, 10, 100? How do you even run large number of services? A micro service may be relatively simple. But services also mean distributed systems, which are inherently complex. 5 services are complex. A thousand services across many generations are at least 200 times as complex. How do we deal with such complexity? This talk discusses service architecture at Internet scale, the need for larger transaction density, larger horizontal and vertical scale, more predictable latencies under stress, and the need for standardization and visibility. We’ll dive into how we build our latest generation service infrastructure based on Scala and Akka to serve the needs of such a large scale ecosystem. Lastly, have the cake and eat it too. No, we’re not keeping all the goodies only to ourselves. They are all there for you in open source.

This document provides an in-depth overview of Elastic Load Balancing (ELB) on AWS, covering topics like security, scalability, availability, and best practices. It discusses how ELB handles SSL/TLS encryption and security policies. It explains how ELB scales dynamically based on load and optimizes latency, throughput, and wait times. It also covers how ELB provides high availability across Availability Zones, performs health checks, and integrates with services like Route 53, CloudWatch, and Auto Scaling.